Claw Problem Diagnoser

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real OpenClaw troubleshooting skill, but its repair mode can install packages, start/init services, and change file permissions with limited guardrails.

Install only if you are comfortable with a troubleshooting tool that can modify your OpenClaw environment. Prefer report-only diagnosis first, avoid `--auto-fix` and sudo unless you have reviewed the exact fixes, and back up OpenClaw configuration before allowing repairs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    def fix(self, issue: DiagnosticIssue) -> bool:
        if issue.fix_script:
            try:
                result = subprocess.run(issue.fix_script.split(), 
                                      capture_output=True, text=True, shell=True)
                if result.returncode == 0:
                    logger.info(f"成功修复权限: {issue.title}")
Confidence
98% confidence
Finding
result = subprocess.run(issue.fix_script.split(), capture_output=True, text=True, shell=True)

Tainted flow: 'issue' from requests.get (line 348, network input) → subprocess.run (code execution)

Critical
Category
Data Flow
Content
    def fix(self, issue: DiagnosticIssue) -> bool:
        if issue.fix_script:
            try:
                result = subprocess.run(issue.fix_script.split(), 
                                      capture_output=True, text=True, shell=True)
                if result.returncode == 0:
                    logger.info(f"成功修复权限: {issue.title}")
Confidence
90% confidence
Finding
result = subprocess.run(issue.fix_script.split(), capture_output=True, text=True, shell=True)

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The skill is presented as a diagnoser but also performs impactful remediation actions: initializing software, installing packages, starting services, and modifying permissions. This mismatch increases the chance that users will run it with more trust than warranted, causing unintended system changes or abuse in an agent context.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Including `pip install` capability inside a diagnostic skill broadens its authority beyond inspection into software modification and supply-chain exposure. In agent environments, this can be abused to alter the runtime, install unexpected packages, or create persistence through dependency changes.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill explicitly promotes an automatic fix mode that may change configuration, dependencies, permissions, or services, but it does not provide a clear warning about system modifications, possible breakage, or the need for confirmation and backups. In a diagnostic/remediation skill, this omission is risky because users may invoke repair actions expecting read-only behavior and unintentionally alter important system state.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documented remote diagnosis feature implies connecting to another host and inspecting its environment, yet there is no privacy, authorization, or credential-handling warning. This is dangerous because remote diagnostics can expose sensitive system details, logs, configuration, and secrets if used without clear consent, secure transport, and scope limitations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The automatic fix workflow executes system-modifying commands without per-action confirmation or strong safety interlocks. In an agent setting, this is dangerous because a user may request diagnosis but inadvertently authorize package installs, service starts, or permission changes with significant side effects.

VirusTotal

59/59 vendors flagged this skill as clean.
